InfoSci®-Journals Annual Subscription Price for New Customers: As Low As US$ 4,950

This collection of over 175 e-journals offers unlimited access to highly-cited, forward-thinking content in full-text PDF and XML with no DRM. There are no platform or maintenance fees and a guarantee of no more than 5% increase annually.

Receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book. Plus, take 20% off when purchasing directly through IGI Global's Online Bookstore.

Take 20% Off All Publications Purchased Directly Through the IGI Global Online Bookstore: www.igi-global.com/

Abstract

This chapter presents a security analysis of the Brazilian voting machine software based on the experience of the authors while participating of the 2nd Public Security Tests of the Electronic Voting System organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, vulnerabilities in the software were detected and explored to allow recovery of the ballots in the order they were cast. The authors present scenarios where these vulnerabilities allow electoral fraud and suggestions to restore the security of the affected mechanisms. Additionally, other flaws in the software and its development process are discussed in detail.

Introduction

The Brazilian Superior Electoral Court (SEC) has been increasingly adopting electronic elections since 1996, culminating in the current scenario where nearly all votes are collected by voting machines and a considerable fraction of the machines have fingerprinting devices for voter identification. Important milestones in the history of the initiative were the first purely electronic elections in 2000, the transfer of full responsibility for software development to the SEC in 2006 and the migration to the GNU/Linux operating system in 2008. Although security testing by independent parties should be a part of the process from the start, as a natural way to improve reliability of elections and reassure that the system provides sufficient ballot secrecy and integrity, it only received significant attention after the software components and human procedures for electronic voting became stable. An important movement in this direction has been the public and periodic testing of the voting systems organized by the SEC since 2009. Despite some undesirable restrictions, these tests allow teams of specialists from industry and academia to independently evaluate the security mechanisms adopted by the Brazilian voting system.

The main goal of this work is to present the observations collected by the authors during their participation in the 2nd iteration of the Public Security Tests organized by the SEC in 2012. Our previous official report of the event was jointly written with the SEC and does not contain sufficient information regarding other security issues not directly attacked by the authors during the event. Our intention is to point out several limitations of the Brazilian electronic voting system and to contribute to its security process. Following standard practices in the security field, we present self-contained descriptions of the observed software and development process flaws with multiple suggestions for correction or mitigation. This way, the interested parties are in an adequate position to implement effective countermeasures. In particular, the main design and implementation problems detected on the security mechanisms of the voting machine software are detailed. An overview of such issues can be found below: